Which banks are affected by the suspension of payment systems by NPCI
According to NPCI’s notice, C-Edge Technologies Limited is a technology service provider mostly catering to cooperative and regional rural banks. “It has been brought to NPCI’s notice that C-Edge Technologies, a technology service provider who caters mostly to cooperative and regional rural banks, has been possibly impacted by a Ransomware attack impacting a few of their systems,” said NPCI in the notice.
“Restoration work is underway on a war-footing along with C-Edge Technologies and necessary security review is in process. Connectivity to the affected banks shall be restored at the earliest,” said NPCI in the notice.
According to the C-Edge Technologies website, the company is a joint venture between Tata Consultancy Services (TCS) and State Bank of India (SBI). (https://cedge.in/about-us/)
Source: NPCI on X (formerly Twitter)
What is a ransomware attack
According to Sheetal R Bhardwaj, executive member of the Association of Certified Financial Crime Specialists (ACFCS), “A ransomware attack is a type of cyberattack where malicious software, or malware, encrypts a victim’s data or locks them out of their systems. The attackers then demand a ransom payment in exchange for restoring access to the data or systems.” Ransomware attacks involve malicious software that encrypts files on a victim’s computer or network, rendering them inaccessible until a ransom is paid.
According to Sheetal, here are some key points about ransomware attacks:
- Encryption: The malware encrypts the victim’s files, making them inaccessible without a decryption key, which the attackers hold.
- Ransom Demand: Attackers demand a ransom, often in cryptocurrency, to provide the decryption key.
- Double and Triple Extortion: In more advanced attacks, attackers may also threaten to leak stolen data (double extortion) or use the stolen data to attack the victim’s customers or partners (triple extortion) if the ransom is not paid.
- Delivery Methods: Ransomware can be delivered through phishing emails, malicious websites, or exploiting vulnerabilities in software.
According to the Indian Computer Emergency Response Team (CERT-IN) website, as of July 31, 2024, “Ransomware is a category of malware that gains access to systems and makes them unusable to its legitimate users, either by encrypting different files on targeted systems or locking the system’s screen unless a ransom is paid. Ransomware actors also threaten to sell or leak any exfiltrated data, if the ransom is not paid.”
CERT-IN states, on its website, that although there are countless strains of ransomware, they mainly fall into two categories:
- Crypto Ransomware encrypts files on a computer so that they become unusable.
- Locker Ransomware blocks standard computer functions from being accessed.
According to the CERT-IN Ransomware Report 2022, there was overall a 53% increase in ransomware incidents reported in 2022 year over year. (https://www.cert-in.org.in/PDF/RANSOMWARE_Report_2022.pdf)
“IT & ITeS was a majorly impacted sector followed by Finance and Manufacturing. Ransomware players targeted critical infrastructure organisations and disrupted critical services in order to pressurise and extract ransom payments. Variant wise, Lockbit was a majorly seen variant in the Indian context followed by Makop and DJVU/Stop ransomware. Many new variants were observed in 2022 such as Vice society, BlueSky etc. Leaked Ransomware source codes are getting forked to launch new Ransomware brands,” said CERT-IN in the report.
CERT-IN also said in the report that “Ransomware restoration & recovery time is dependent upon multiple factors like level of infection, affected applications, availability of backups & images, and Business Continuity preparedness. Time, efforts and cost involved are very much significant even with the availability of safe backups.”